HIGH🇵🇱 Wersja polska

CVE-2025-60954

CVSS 8.3v3.1pub. 2025-10-24upd. 2025-10-28

Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak passwords, including single-character passwords, which can lead to account compromise, including administrative accounts.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
  • Microweber

    APP
    Microweber
    2.0.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-1877CRITICAL9.8ten sam produkt

Command Injection in GitHub repository microweber/microweber prior to 1.3.3.

CVE-2022-0895CRITICAL9.8ten sam produkt

Static Code Injection in GitHub repository microweber/microweber prior to 1.3.

CVE-2020-23138CRITICAL9.8ten sam produkt

An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. An attac...

CVE-2025-51504HIGH7.6ten sam produkt

Microweber CMS 2.0 is vulnerable to Cross Site Scripting (XSS)in the /projects/profile, homepage endpoint via ...

CVE-2025-51503HIGH7.6ten sam produkt

A Stored Cross-Site Scripting (XSS) vulnerability in Microweber CMS 2.0 allows attackers to inject malicious s...